| dc.contributor.advisor | 陳恭 | zh_TW |
| dc.contributor.advisor | Chen, Kung | en_US |
| dc.contributor.author (作者) | 彭應武 | zh_TW |
| dc.contributor.author (作者) | Peng, Ying-Wu | en_US |
| dc.creator (作者) | 彭應武 | zh_TW |
| dc.creator (作者) | Peng, Ying-Wu | en_US |
| dc.date (日期) | 2009 | en_US |
| dc.date.accessioned | 9-四月-2010 14:49:29 (UTC+8) | - |
| dc.date.available | 9-四月-2010 14:49:29 (UTC+8) | - |
| dc.date.issued (上傳時間) | 9-四月-2010 14:49:29 (UTC+8) | - |
| dc.identifier (其他 識別碼) | G0094971004 | en_US |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/38538 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學學系 | zh_TW |
| dc.description (描述) | 94971004 | zh_TW |
| dc.description (描述) | 98 | zh_TW |
| dc.description.abstract (摘要) | 隨著資訊科技日益普及,近年來資安事件仍層出不窮。行政院國家資通安全會報於94年5月,訂定「政府機關(構)資訊安全責任等級分級作業實施計畫」,針對各種資訊安全的潛在威脅,提出以建立管理機制並配合技術支援服務的方式,期能有效防護資訊資產,提昇資訊安全。其中管理面的具體措施為建構「資訊安全管理系統」(ISMS, Information Security Management System),並規範列屬資安責任等級為A或B級之機關,應在規定之期限內通過由第三方(third party)公正機構驗證符合資訊安全國際標準。根據行政院科技顧問組針對A、B級機關在2008年進行資安責任等級應辦事項調查顯示,B級機關在資安認證達成率只有43%,可見通過資安認證有其困難性。 本研究依據已通過資安認證的機關的經驗分享文獻,分析歸納導入ISMS所可能遭遇的主要問題,從而主張可以採用內容管理系統(CMS, Content Management System)的平台來協助組織導入ISMS。Drupal是一套結構簡單且具高擴展性模組化的開放源碼內容管理系統,不僅容易在其平台上建立客製化的應用系統,且有大量的社群可提供技術支援,故本研採用Drupal建置輔助系統,方便組織在導入符合國際標準的ISMS(如ISO 27001)時,可以集中管理各類相關資訊,評定資產價值,計算風險值,並提供組織申請ISO驗證時作為部份佐證資料的集中管理。 | zh_TW |
| dc.description.abstract (摘要) | As information technology is widely used in our daily work and life, incidents of information security also occurs from time to time. In May of 2005, the National Information & Communication Security Taskforce of R.O.C. instituted “The operational plan for classifying the information security duty grade of the government agencies”. The plan demands government agencies to establish technological support services along with management mechanisms for all potential security threats to provide effective information security management. In addition, all agencies whose security grade belongs to the A or B levels must pass the third party certification for ISO Information Security Standard within a specific deadline. However, as shown in the investigation report released by the government technology advisors in 2008, the achievement rate for information security certification on grade B government agencies is only 43%. Therefore, it is perceived that there are some difficulties in passing the information security certification This thesis analyzes and summarizes the main difficulties that organizations may encounter when establishing an ISMS by following the international IS standard ISO 27001. The analysis results show that document management is a key issue. Therefore, we claim that a content management platform is a good foundation to build an assistant for an organization to establish its ISMS. To demonstrate our proposal, we choose the open source content management platform, Drupal, to set up such an assistant. By fully utilizing the simpler yet extensible structures provided Drupal, we build up an assistant system that facilitates an organization to manage all related documents centrally, to assess asset values and calculate risk values by following the ISO 27001 information security international standard. These facilities will give the organization a very strong evidence of employing a centralized information security management system when applying for ISO certification | en_US |
| dc.description.tableofcontents | 第一章 緒論 1 1.1 前言 1 1.2 研究動機 7 1.3 研究目的 11 1.4 研究成果 11 1.5 研究限制 12 1.6 論文大綱 12 第二章 核心技術探討 13 2.1 資訊安全管理系統(ISMS, Information Security Management System) 13 2.2 內容管理系統(CMS, Content Management System) 28 2.3 Drupal 32 第三章 系統分析 41 3.1 系統緣起 41 3.2 系統分析 42 3.3資料結構分析 45 第四章 系統設計與實作 50 4.1系統架構說明 50 4.2評定資產價值範例說明 55 4.3內容類型設計說明 58 4.4資產價值及風險值計算設計說明 63 4.5系統功能展示說明 65 第五章 結論與建議 71 | zh_TW |
| dc.language.iso | en_US | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0094971004 | en_US |
| dc.subject (關鍵詞) | 內容管理系統 | zh_TW |
| dc.subject (關鍵詞) | 資訊安全管理系統 | zh_TW |
| dc.subject (關鍵詞) | CMS | en_US |
| dc.subject (關鍵詞) | ISMS | en_US |
| dc.subject (關鍵詞) | ISO 27001 | en_US |
| dc.subject (關鍵詞) | Drupal | en_US |
| dc.title (題名) | 基於內容管理系統的資訊安全標準導入輔助系統 | zh_TW |
| dc.title (題名) | A Content Management System Based Assistant for Implementing ISO Information Security Standard | en_US |
| dc.type (資料類型) | thesis | en |
| dc.relation.reference (參考文獻) | 【1】 個人資料保護法, 行政院, 2008 | zh_TW |
| dc.relation.reference (參考文獻) | 【2】 CNS 27001-資訊安全管理之作業要點, 經濟部標準檢驗局, 2006 | zh_TW |
| dc.relation.reference (參考文獻) | 【3】 CNS 14929-資訊與通訊技術安全管理概念與模型, 經濟部標準檢驗局, 2008 | zh_TW |
| dc.relation.reference (參考文獻) | 【4】 教育部校園資訊安全服務網, http://cissnet.edu.tw/ | zh_TW |
| dc.relation.reference (參考文獻) | 【5】 經濟部標準檢驗局, http://www.bsmi.gov.tw/ | zh_TW |
| dc.relation.reference (參考文獻) | 【6】 經濟部標準檢驗局資訊安全管理系統導入經驗分享, http://www.dgbas.gov.tw/public/Data/97816385571.pdf | zh_TW |
| dc.relation.reference (參考文獻) | 【7】 行政院人事行政局「資訊安全管理系統」認證經驗分享, http://www.dgbas.gov.tw/public/Data/7121216243271.pdf | zh_TW |
| dc.relation.reference (參考文獻) | 【8】 世新大學 ISMS 經驗分享, 范修維, 2008 | zh_TW |
| dc.relation.reference (參考文獻) | 【9】 ISMS的導入與後續之落實, 蘇建郡, 2009 | zh_TW |
| dc.relation.reference (參考文獻) | 【10】 景文科技大學-建置ISMS經驗分享, 方鎮良, 2009 | zh_TW |
| dc.relation.reference (參考文獻) | 【11】 台灣大學資訊與網路中心電子報, http://www.cc.ntu.edu.tw/chinese/epaper/ | zh_TW |
| dc.relation.reference (參考文獻) | 【12】 Drupal Taiwan 正體中文支援站, http://drupaltaiwan.org/ | zh_TW |
| dc.relation.reference (參考文獻) | 【13】 drupal.org | Community plumbing, http://drupal.org/ | zh_TW |
| dc.relation.reference (參考文獻) | 【14】 Information technology -- Security techniques -- Information security management systems -- Requirements, ISO, 2005 | zh_TW |
| dc.relation.reference (參考文獻) | 【15】 ISMS Auditor/ Lead Auditor Training Course, BSI, 2009 | zh_TW |
| dc.relation.reference (參考文獻) | 【16】 Building powerful and robust websites with Drupal 6, David Mercer, 2008 | zh_TW |
| dc.relation.reference (參考文獻) | 【17】 Learning Drupal6 Module Development, Matt Butcher, 2008 | zh_TW |
| dc.relation.reference (參考文獻) | 【18】 Pro.Drupal.Development, John K. VanDyk and Matt Westgate, 2007 | zh_TW |
| dc.relation.reference (參考文獻) | 【19】 Comparing Open Source Content Management Systems: WordPress, Joomla, Drupal, and Plone | zh_TW |
| dc.relation.reference (參考文獻) | http://www.idealware.org/comparing_os_cms/ | zh_TW |
| dc.relation.reference (參考文獻) | 【20】 2008 Open Source CMS Market Share Survey http://waterandstone.com/downloads/2008OpenSourceCMSMarketSurvey.pdf | zh_TW |
